Did Arizona turn over its counterterrorism database to a Chinese spy? | The Verge

Did Arizona turn over its counterterrorism database to a Chinese spy?

24
(US Army / Flickr)

Arizona's biggest counterterrorism center may be covering up a massive data breach. A new investigation from ProPublica and The Center for Investigative Reporting looks at Lizhong Fan, a Chinese national hired at Arizona's Counterterrorism Information Center in 2007. In June of that year, Fan abruptly left the country, flying back to Beijing with two laptops and a number of other hard drives in his luggage. His bosses in Arizona weren't told about the trip and found his work computers completely erased, leaving no trace of his activities. Fan sent a few more emails, expressing a desire to return to the US in the distant future, but after that fell silent. According to ProPublica, no one at the Arizona center has heard from him in over three years.

Fan got the job through Xunmei Li, whom the FBI now suspects of espionage

Hired as a facial recognition expert, Fan had access to essentially all the data at the Arizona center, which includes five million driver's licenses along with more sensitive law enforcement databases. Potentially, the database could also include information on intelligence analysts and investigators, putting it on the level with a recent USIS breach that revealed the birth dates and social security numbers for more than 25,000 Homeland Security officers.

Basic vetting should have disqualified active Chinese citizens from working at the center, but Fan seems to have slipped through thanks to a combination of bad contracting practices and possible foul play. Fan was officially an employee of Hummingbird Defense Systems, an Arizona firm that was hired to build a facial recognition system for the counterterrorism center. Hummingbird hired Fan based on his work building similar systems for the Chinese government, but it's not clear he was ever properly vetted by Homeland Security. Fan was recommended for the job by Xunmei Li, girlfriend of Hummingbird CEO Steve Greschner, whom the FBI now suspects may have been spying for the Chinese government.

Sheriff Joe Arpaio seems to have worked to cover up the breach

There are still a lot of questions to be answered, including how the breach stayed secret for the seven years since Fan left the country. The two officials in charge of the center, Maricopa Country Sheriff Joe Arpaio and Homeland Security Chief Janet Napolitano, have been silent about the breach, and Arpaio's deputies seem to have worked to keep the information secret, instructing officers not to discuss the incident.

The incident also raises real questions about the post-9/11 practice of housing data in central fusion centers like the Arizona outpost. In this case, it made it easy for an interloper like Fan to access all the state's counterterrorism data from a single location. As ProPublica points out, the Arizona center was initially hailed as a model for fusion centers across the country. A 2006 Washington Post article described the center as "one of the best-run and most effective" intelligence centers in the country.

More from The Verge

Back to top ^
X
Log In Sign Up

forgot?
forgot?
Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot username?

We'll email it to you.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Try another email?

Forgot username?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.
Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

tracking_pixel_5345_tracker